Secure message transmission and data input methods



The invention relates to a method of secure reception of a message from a
user, to a method of secure transmission of such a message and to a client device.



Visual cryptography (M. Naor, A. Shamir: Visual Cryptography,
Springer-Verlag LNCS Vol. 950, Springer-Verlag, 1995, pp. 1-12) can briefly be described as
follows. An image is split into two randomized parts, the image plus a randomization and the
randomization itself. Either part contains no information on the original image because of the
randomization. However, when both parts are physically overlaid the original image is
reconstructed. An example is given in Fig. 1: original image 100 is split into shares 110 and
120, which when overlaid result in reconstructed image 130.

If the two parts do not fit together no information on the original image is
revealed and a random image is produced. Therefore if two parties want to communicate
using visual cryptography, they have to share the randomization. A basic implementation
would be to give a receiving party a transparency containing the randomization. The sender
would then use this randomization to randomize the original message.

A basic property of visual cryptography is that image reconstruction (or
decryption) is performed directly by the human eye (pattern recognition) and not by a device
which might be compromised. This makes the use of visual cryptography to communicate
secret information more secure. However, the use of transparencies is not very practical. For
one thing, the patterns on the transparency used by the receiver are fixed, so that for each
message a new transparency is necessary. If the same transparency is re-used, the security of
the system is severely reduced. The security of this system is comparable to the security of a
classic one-time pad.



It is an object of the invention to provide a method of secure reception of a
message.

This object is achieved according to the invention in a method

:»,es»tsft,astvatae.«iffl«pixelis<rffl.*firstcolorandthepo«imrepre^ 
^t.*.«^«ingfi»=»hpi^l«.P«t^*oHc.pat»«toad«vice^^^^^^ 

^c„toi»pu.»e««..P«««edo«fl>oi»^e,a^con««>.-^^^ 
ssfteinpat^olt^sewntedW-thepartioutetapitfmeaiB. ^ . , 

.0.«^1i«secc»lvalueUn^Tb.i»»8.is»coded»h«apa«i<«d«&™ 

Upo«»«ep6aaof1l«pa«=n^a«c«-"^^"'-"-^*'^ 
pamcttlarspoconTne l„,,,^„^^i^ie«jeived coordinates to the paxacularmput 
By randomizing the placement every time an image is generated, the observations made by
the attacker are of no use, as he cannot re-use these observations to later impersonate the
user.

It is a further object of the invention to provide a method of secure
transmission of a message.

This object is achieved according to the invention in a method comprising
receiving a pattern from a transmitting device, outputting on a first display a graphical
representation of the pattern, outputting on a second display a graphical representation of a
first pattern if a portion of a key sequence represents a first value, and outputting on the
second display a graphical representation of a second pattern if said portion represents a
second value, receiving input representing a set of coordinates from a user, and transmitting
the set of coordinates to the transmitting device.

As explained above, an image representing a plurality of input means is
encoded using a particular form of visual cryptography, and one set of the resulting patterns
is sent to a client device. The received pattern is displayed on a first display. No
processing or decrypting step is necessary in the device before any displaying takes place; the
patterns are displayed as they are received. On a second display another pattern is displayed,
which is generated based entirely on a key sequence. Reconstruction of the image is
performed by superimposing the first and second displays in the correct alignment, so that the
user can see the reconstructed image.

This way the input means will appear, and the user can indicate the
coordinates of the input means he wants to select, e.g. by operating a cursor or other input
device to select a particular spot on the first display. The coordinates are then transmitted
back to the transmitting device, so that in the transmitting device the message can be
reconstructed by translating the received coordinates to the particular input means
represented on the original image, and taking the input word(s) represented by those input
means. At no time is the reconstructed image as a whole available uxel^
the user can see it.

In an embodiment the input is received as pressure on a particular spot of the
first display, the set of coordinates corresponding to the particular spot. This
is a very easy way of selecting input means on a display. Further, it is not necessary to
display a cursor or other indication on the first or second display, which cursor could
interfere with the display of the patterns.

It is a further object of the invention to provide a client device allowing secure
transmission of a message.

This object is achieved according to the invention in a client device
comprising receiving means for receiving a pattern from a transmitting device, a memory for
storing a key sequence, a first display for outputting a graphical representation of the pattern,
a second display suitable to be overlaid upon the first display, the second display being
arranged for outputting a graphical representation of a first pattern if a portion of the key
sequence represents a first value, and for outputting a graphical representation of a second
pattern if said portion represents a second value, input means for receiving input representing
a set of coordinates from a user, and transmitting means for transmitting the set of
coordinates to the transmitting device.

In an embodiment the second display is embodied as a unit physically separate
from the first display, and provided with the memory for storing the key sequence. No
electrical, optical or other communication paths between the first and second displays, or the
devices in which they are embodied, should exist. As the patterns and the key sequence are
provided in digital (electronic) form, any such communication paths could potentially be
abused by an attacker to obtain patterns and/or key sequence. This way it is achieved that the
user does not have to trust the security of the client device, but only this separate

The invention further relates to computer program products arranged for
causing a processor to execute the methods according to the invention.



These and other aspects of the invention will be apparent from and elucidated
with reference to the embodiments shown in the drawing, in which:

Fig. 1 shows an original image, two shares obtained by visually encrypting the
original image and a reconstructed image obtained by superimposing the two shares;

Fig. 2 illustrates the visual cryptography process as devised by Naor and
Shamir in the above-referenced paper;

Fig. 3 schematically shows a system comprising a server and several clients;

Fig. 4 shows a flowchart illustrating an embodiment of a method to securely
receive a message from a user; and

Figs. 5A-C schematically illustrate the operation of the client device.

Throughout the figures, same reference numerals indicate similar or
corresponding features. Some of the features indicated in the drawings are typically
implemented in software, and as such represent software entities, such as software modules
or objects.

Fig. 1 shows an original image 100, two shares 110, 120 and a reconstructed
image 130. The shares 110, 120 were obtained by applying visual cryptography to the
original image 100. Visual cryptography is explained in more detail with reference to Fig. 2
below. By superimposing the shares 110, 120 the reconstructed image 130 appears. Note that
the reconstruction is not perfect; the white parts of the original image 100 turn into a
randomized black and white pattern in the reconstructed image 130.

Fig. 2 illustrates the visual cryptography process as devised by Naor and
Shamir in the above-referenced paper. The process is illustrated here for a single pixel; of
course every pixel in the source image is to be processed in this way.

Every pixel of the original image 100 is mapped to a particular pattern, in this
embodiment by splitting every pixel into four sub-pixels. To generate the first share S1 for
this pixel, two of the four pixels are chosen to be black (non-transparent) while the other two
are chosen to be white (transparent). To generate the other share S2 of this pixel the four
sub-pixels are copied if the corresponding pixel in the original image was white and they are
inverted if the original pixel was black. For each pixel a new random choice of which two of
the four pixels should be black (non-transparent) needs to be made. The number of sub-pixels
into which the pixels are split can be chosen arbitrarily.

This way, two collections of sub-pixels are formed. These collections make up
the two shares. Neither of the shares gives any information on the color of the original pixel.
In all cases, two of the four sub-pixels chosen to represent the original pixel in either of the
shares are black and the other two are white. Further, all possible combinations of black and
white are equally likely to occur, since the random choice is made with a probability of
p=0.5, independently for each pixel.

To reconstruct the original image, the two shares S1 and S2 are to be
superimposed, i.e. put on top of each other. This is shown in the last column (R) of Fig. 2. If
the original pixel (P1) were black, then the superposition of the sub-pixels from shares S1
and S2 will result in four black sub-pixels. If the original pixel were white (P2), then the
superposition of the sub-pixels from shares S1 and S2 will result in a black and white pattern
in the reconstructed image 130, which often appears to be gray when seen from a distance.
Also note that the resolution of the reconstructed image 130 is four times lower than the
resolution of the original image 100, since every pixel has been translated to a pattern of 2x2
pixels. This makes the reconstructed image 130 four times as large as the original image 100.

If the two parts do not fit together no information on the original image is
revealed and a random image is produced. Without knowing both of the shares, the
probability that one set of sub-pixels corresponds to a white pixel in the original image 100 is
equal to the probability that that set corresponds to a black pixel in the original image 100.

Fig. 3 schematically shows a system according to the invention, comprising a
server 300 and several clients 301, 302, 303. While the clients 301-303 are embodied here as
a laptop computer 301, a palmtop computer 302 and a mobile phone 303, they can in fact be
realized as any kind of device, as long as the device is able to interactively communicate with
the server 300 and is able to render graphical images on a display. The communication can
take place over a wire, such as is the case with the laptop 301, or wirelessly like with the
palmtop computer 302 and the mobile phone 303. A network such as the Internet or a phone
network could interconnect the server 300 and any of the clients 301-303.

To realize secure communication between server 300 and clients 301-303, the
server 300 generates an image 320 representing a plurality of input means 321, shown here as
numerical keys labeled '0' through '9'. Next to keys, one could also use
checkboxes, selection lists, sliders or other elements typically used in user interfaces to
facilitate user input. Having received the image on his client 301-303, the user can select one
or more of the input means 321. The selection is then transmitted back to the server 300. The
image 320 will be encoded using visual cryptography before transmission, as will become
apparent below.

Also shown in Fig. 3 is a personal decryption device 310. This device 310 is
personal to a user and should be guarded well, as it is to be used to decrypt visually encrypted
messages sent by the server 300 to any of the clients 301-303. Anyone who gains
control over the decryption device 310 can read all the visually encrypted messages intended for
the user. The working of the device 310 will become apparent below.

The decryption device 310 comprises a display 311 and a storage area 312.
The display 311 is preferably realized as a Liquid Crystal Display (LCD). The storage
area 312 comprises at least a key sequence to be used in decrypting visually encrypted images.
The key sequence is preferably realized as a sequence of bits, e.g. '0UOl0U101O'.

The length of the key sequence stored in the storage area 312 should be long enough to
accommodate a large number of decryption operations. When decrypting visually encrypted
images, one bit is necessary for every pixel of the original input image. So, if 100x100 pixel
images are to be decrypted, 10,000 bits are necessary per image.

Also, after every decryption operation, the key bits used are preferably
discarded or marked as used. This way every decryption operation involves the use of a
unique subsection of the key sequence. When all key bits have been used, the key sequence
in the storage area 312 must be replaced. This can be realized by e.g. asking the owner of the
decryption device 310 to replace his decryption device 310 with a new specimen, or to visit a
secure location like a bank where it is loaded with a new key sequence.

Alternatively, when a key sequence has been used, a cryptographic hash
function or symmetric encryption scheme can be applied to the key sequence. The output of
the hash function or encryption scheme is then used as the new key. This way a series of key
sequences can be generated of any length, without having to store all of the key sequences in
the personal decryption device 310. Of course, if even one key sequence in the series
becomes known to an attacker, the attacker can also reconstruct all future key sequences.

The decryption device 310 is preferably embodied as a unit physically
separate, or at least separable, from the client device 301-303. No electrical, optical or other
communication paths between the decryption device 310 and the client should exist. As the
patterns and the key sequence are provided in digital (electronic) form, any such
communication paths could potentially be abused by an attacker to obtain patterns and/or key
sequence. Without such paths, a compromised client device cannot obtain information from
the decryption device 310 in any way. This way, it is achieved that the user does not have to
trust the security of the client 301 -

Fig. 4 shows a flowchart illustrating an embodiment of a method to securely
receive a message from a user. Using this method, it is possible to securely allow a user to
compose a message and to transmit said message using a client device, for the sake of
example chosen as laptop 301, to the server 300.

At step 401, an image, e.g. image 320, is generated that represents a plurality
of input means such as keys on a keyboard. Each input means represents an input word that
can be used in the message that will be composed by the user. The user must compose the
message by selecting keys or other input means rendered as an image on the display of the
client device 301. Such keys could be visually rendered as keys representing different
alphanumerical characters, or as buttons representing choices like 'Yes', 'More
information' and so on. Other ways to visually represent input means are well known in the
art.

Selecting the input means is preferably done by selecting a particular set of
coordinates on the display of the client device 301. Preferably, the user inputs the set of
coordinates as pressure on a particular spot of the display, the set of coordinates
corresponding to the particular spot. Of course, other input means such as a mouse, a
graphics tablet or even a keyboard can also be used.

By itself it is known to allow composition of a message through visually
rendered input means on a display, see e.g. US-B-6209102. This US patent, however, does
not protect the composed message against interception by an eavesdropper. It also fails to
teach how such an image representing input means can securely be transmitted to the client
device 301. This means that an eavesdropper can learn the layout of the input means
represented on the image, and learn from the feedback sent by the client device 301 to the
server 300 which input means were selected.

It is observed that different input means may, but need not necessarily,
represent different input words. Providing multiple input means representing the same input
word has the advantage that a sequence of inputs made by the user appears to be random
even when the sequence contains repetitions. As used here, the term "word" can means^^
alphanumerical characters, but also texts like W, W and so on, as well as other
linguistic or symbolic c ...

Each pixel in the image is to be processed in step 402. First, it is

««»^ in «op «1 «. delamine i<3 cote. Th«^ 

btaok and v«te.=l«»ngh of course <Aero<*», ad m™«»fl«»t«o<^ 

However. l=i1in8embo<to»titi5asamBedtW««in«geaMn«ri^ 

„^blacfcaadv,hto.IftoooU»oftt,opixelis&™itol».rtuls.ton««»^ 

step 422. Otherwise, the method proceeds to step 425.

As noted above, the decryption device 310 holds a key sequence in storage
area 312. The server 300 holds a copy of this key sequence. Usually the server 300 knows in
advance which user is operating the client device 301, and then can simply look up the
appropriate key sequence. The server 300 may also want to use a particu^

e„s«red.WoMyaepersono™ng4epersanalde«ryptiond«lcevSath.tparic«l» 
sequence can readtheinfbrmadonoontainedinlhen^ssagetobelia™^ 

device 301. ... n 

Every bit in the key sequence is to be used only once. To this end, usually a
pointer indicating the current position in the key sequence is maintained.



PHNL020050EPI' 17.01. 2002 

position is referred to as the i-th position. After using a bit from the key sequence, the pointer
is increased by 1. If all the bits from the key sequence have been used, the key sequence must
be replaced, or the above-mentioned hash function or symmetric encryption function should
be applied to it to obtain a new key sequence. It is observed that the security of the system for
a large part depends on the quality of the pseudo-random number generator used for


In step 421, the i-th bit of the key sequence is examined to determine whether it
is '0' or '1'. If it is '0', then at step 423 the pattern P0 is chosen. If it is '1', then at step 424
the pattern P1 is chosen.

Similarly, if the pixel is black, then at step 425 the i-th bit of the key sequence
is also examined to determine whether it is '0' or '1'. If it is '0', then at step 426 the pattern
P1 is chosen. If it is '1', then at step 427 the pattern P0 is chosen.

This way it is achieved that a user knowing the correct part of the key
sequence used in the above steps can reconstruct the image upon reception of the chosen
patterns. Each received pattern must be overlaid with either pattern P0, if the i-th bit of the key
sequence is '0', or pattern P1, if said bit is '1'. This will recover the original white or black
pixel.
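
The per-pixel pattern choice and the overlay described above, written out as an added Python example that is not part of the original text. The concrete 2x2 layouts of P0 and P1, the flat pixel list and all function and class names are assumptions; the last function shows why every key bit may be used only once.

```python
import secrets

BLACK, WHITE = 1, 0

# Assumed 2x2 sub-pixel layouts, row-major (1 = black, 0 = transparent).
# The text only requires two black and two white sub-pixels per pattern;
# these diagonal layouts, with P1 the inverse of P0, are an assumption.
P0 = (1, 0, 0, 1)
P1 = (0, 1, 1, 0)


class KeySequence:
    """Key bits held by server and decryption device; each bit is used once."""

    def __init__(self, bits):
        self.bits = list(bits)
        self.pos = 0  # pointer to the current position in the key sequence

    def take(self, n):
        if self.pos + n > len(self.bits):
            raise ValueError("key sequence exhausted: replace or renew it")
        chunk = self.bits[self.pos:self.pos + n]
        self.pos += n  # used bits are never handed out again
        return chunk


def encode(pixels, key_bits):
    """Server side: choose one pattern per pixel from its color and key bit."""
    if len(pixels) != len(key_bits):
        raise ValueError("one key bit is needed for every pixel")
    share = []
    for pixel, bit in zip(pixels, key_bits):
        if pixel == WHITE:
            share.append(P0 if bit == 0 else P1)  # steps 423 / 424
        else:
            share.append(P1 if bit == 0 else P0)  # steps 426 / 427
    return share


def device_share(key_bits):
    """Decryption device: P0 for a '0' key bit, P1 for a '1' key bit."""
    return [P0 if bit == 0 else P1 for bit in key_bits]


def overlay(share_a, share_b):
    """Physical stacking: a sub-pixel is black if either layer is black."""
    return [tuple(a | b for a, b in zip(pa, pb))
            for pa, pb in zip(share_a, share_b)]


def read_pixels(stacked):
    """What the eye sees: four black sub-pixels read as black, two as white."""
    return [BLACK if sum(p) == 4 else WHITE for p in stacked]


def reuse_leak(share_a, share_b):
    """If two images were encoded with the SAME key bits, comparing the two
    transmitted shares reveals where the images differ (their XOR)."""
    return [int(pa != pb) for pa, pb in zip(share_a, share_b)]


def demo():
    image = [1, 0, 0, 1, 0, 1, 1, 0]          # constructed 8-pixel image
    key = KeySequence(secrets.randbits(1) for _ in range(16))
    bits = key.take(len(image))                # same bits on both sides
    sent = encode(image, bits)                 # what an eavesdropper sees
    seen = read_pixels(overlay(sent, device_share(bits)))
    return seen == image and all(sum(p) == 2 for p in sent)


if __name__ == "__main__":
    print("round trip ok:", demo())
```
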

When all pixels have been processed, the pertinent chosen patterns are
transmitted to the client device 301. Such transmissions are straightforward to implement and
will not be elaborated upon here. Note that it is not necessary to protect this transmission by
e.g. encrypting the collection of chosen patterns before transmitting it. Because of the process
used to choose these patterns, it is impossible for an eavesdropper to recover the image by


The client device 301 at some point transmits one or more sets of coordinates
to the server 300, as a result of the user operating the input means on the client device 301. The
server 300 receives the sets of coordinates in step 404. Then, in step 405 the server 300
translates each set of coordinates to a particular input means represented on the image as
composed in step 401. Since the server 300 composed this image, translating a set of
coordinates to an input means in the server 300 is straightforward.

Finally, in step 406 the message composed by the user is constructed as the
input words represented by the particular input means to which the sets of coordinates were
translated in step 405. See e.g. the above-mentioned US-B-6209102 for more information.

While the message can of course contain any kind of information, preferably
the message contains an authentication code such as a PIN code or a password. The server
300 can now check the PIN code or password to verify the credentials of the user, and grant
access, perform one or more privileged operations or perform some other action for which
these credentials are necessary. The server 300 could also signal another system upon a
successful verification of the credentials.

Figs. 5A-C schematically illustrate the operation of the client device 301.
Assume that the client device 301 has just received a collection of patterns from the server
300. These patterns were generated in accordance with the method as explained above with
reference to Fig. 3, and hence correspond to an image representing a plurality of input means
each representing an input word that can be used to compose a message.

The client device 301 is in this embodiment connected to a network such as
the Internet using a mobile phone 502, as is generally known in the art. Using a data
connection established using the mobile phone 502, the client device 301 can transmit and
receive data from the server 300.

In Fig. 5A, the device 301 receives a number of patterns from the server 300
and displays the patterns on display 501. Typically the patterns will be collections of four
pixels, with two of these pixels being black and two of them being white. Observe that no
processing or decrypting step is necessary in the device 301 before any displaying takes
place; the patterns are displayed as they are received. It may be advantageous to display the
patterns in a corner of the display 501, as will become apparent below.

Upon recognizing that a visually encrypted image has been sent to the client
device 301, the user in Fig. 5B takes his personal decryption device 310 and activates it. This
causes the decryption device 310 to output a graphical representation in dependence on the
sequence stored in storage area 312.

The decryption device 310 must be programmed in advance with the
dimensions of the image that was generated by the server 300. Of course, an input means that
allows the user to enter these dimensions for each image separately can also be provided, but
this makes the decryption device 310 more complex and more expensive.

For each pixel in each row of the image generated by the server 300, the
decryption device 310 outputs either the pattern P0, if the corresponding bit of the key
sequence represents a '0', or the pattern P1, if the corresponding bit of the key sequence
represents a '1'.

In Fig. 5C, the user 510 superimposes the personal decryption device 310
upon the patterns displayed on display 501. To facilitate such superimposing, the edge of the
display 501 can be provided with hooks or clamps in a corner (not shown), using which the
personal decryption device 310 can be fastened to a particular position on top of the display
501. This way, it is very easy for the user to properly superimpose the personal decryption
device 301 upon the patterns on the display 501 if these patterns are displayed in the
corresponding position on the display 501.

Because both the decryption device 310 and the client device 301 effectively
display one share of a visually encrypted image, the user 510 can now observe the
reconstructed image. Although the resolution of this image is four times below the resolution
of the original image, and pixels in the original image have been replaced by black and
white patterns in the reconstructed image, the user can still recognize the information from
the original image, as shown in balloon 511.

Using the reconstructed image, the user can now operate the input means
represented therein. Selecting the input means is done by selecting a particular set of
coordinates on the display 501. Preferably, the user inputs the set of coordinates as pressure
on a particular spot of the display 501, the set of coordinates corresponding to the particular
spot. Of course, other input means such as a mouse, a graphics tablet or even a keyboard can
also be used.

Because the image representing the input means can only be seen when the
decryption device 310 is superimposed upon the client 301, the user is advised to apply
pressure to the display 311 of the decryption device 310. This pressure will be transferred to
the display of the client 301, which when equipped with a touch-sensitive screen can register
the spot to which pressure was applied, and translate this to a set of coordinates.

Alternatively, the user can move a cursor on the display of the client 301 to a
particular location on that display, and click a mouse button or press a key to confirm
selection of an input means represented on the image. While the display of the cursor on top
of the patterns is disruptive for the correct display of the patterns, it has been found in
practice that such disruption is acceptable. The cursor should, however, be large enough to be
detectable even when distorted, as the patterns displayed on the personal decryption device
310 will distort the appearance of the cursor. Next to a mouse or keyboard, a graphics tablet
connected to device 301 can be used to control movement of a cursor on the display of device
301.

Having received one or more sets of coordinates, the client device 301
transmits these sets of coordinates to the server 300. It is observed that eavesdropping
software secretly installed on the client device 301 cannot learn any passwords or sensitive
information entered in this fashion. At the most, such software would be able to learn the
particular sets of coordinates entered in this particular session. These sets could then be used
to impersonate the user in a future session.

To prevent this type of so-called 'replay' attack, the server 300 should
randomize the placement of the input means on the image generated in step 401. If the
eavesdropping software then retransmits the sets of coordinates it learned, in order to
impersonate the user in a subsequent session, the server 300 will not authenticate the user, as
the sets of coordinates do not correspond to the correct password or other authentication
code. In fact, these sets of coordinates need not even correspond to the location of input
means on the image generated in the subsequent session.
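
A sketch of the server side of steps 401 and 404-406 with randomized key placement, added here as an example and not taken from the original text. The 5x2 grid, the 40-pixel key size and all function names are assumptions; it shows that coordinates captured in one session decode to different symbols under another layout.

```python
import hmac
import secrets

CELL = 40             # assumed key size in pixels
COLS = 5              # assumed grid: 5 columns x 2 rows for the keys '0'-'9'
DIGITS = "0123456789"


def random_layout(rng=None):
    """Step 401 with randomized placement: a fresh permutation of the keys."""
    rng = rng or secrets.SystemRandom()
    keys = list(DIGITS)
    rng.shuffle(keys)
    return "".join(keys)


def key_center(layout, symbol):
    """Coordinates a user would touch for `symbol` once the overlay shows it."""
    idx = layout.index(symbol)
    return ((idx % COLS) * CELL + CELL // 2, (idx // COLS) * CELL + CELL // 2)


def translate(layout, x, y):
    """Step 405: map one set of coordinates back to an input means."""
    col, row = x // CELL, y // CELL
    if not (0 <= col < COLS and 0 <= row < len(layout) // COLS):
        return None  # the coordinates hit no key at all
    return layout[row * COLS + col]


def construct_message(layout, coords):
    """Step 406: the message is the symbols of the selected input means."""
    symbols = [translate(layout, x, y) for x, y in coords]
    return None if None in symbols else "".join(symbols)


def authenticate(layout, coords, expected_pin):
    """Check the reconstructed message against the stored PIN."""
    message = construct_message(layout, coords)
    return message is not None and hmac.compare_digest(message, expected_pin)


def replay_demo():
    pin = "1234"
    # Two constructed layouts stand in for two sessions; a real server
    # would call random_layout() for every image it generates.
    session_1 = "0123456789"
    session_2 = "9876543210"
    captured = [key_center(session_1, d) for d in pin]  # seen by malware
    return (authenticate(session_1, captured, pin),     # genuine session
            authenticate(session_2, captured, pin),     # replayed later
            construct_message(session_2, captured))


if __name__ == "__main__":
    print(replay_demo())
```
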

It should be noted that the above-mentioned embodiments illustrate rather than
limit the invention, and that those skilled in the art will be able to design many alternative
embodiments without departing from the scope of the appended claims. For instance, a new
image can be generated comprising a new permutation of the input means each time a
set of coordinates is received. This introduces additional security.

The invention can be used in any kind of device in which a secure composition
and transmission of messages from a client to a server is necessary. Client devices can be
embodied as personal computers, laptops, mobile phones, palmtop computers, automated
teller machines, public Internet access terminals, or in fact any client device that is not
completely trusted by its user to not contain any malicious software or hardware.

In the claims, any reference signs placed between parentheses shall not be
construed as limiting the claim. The word "comprising" does not exclude the presence of
elements or steps other than those listed in a claim. The word "a" or "an" preceding an
element does not exclude the presence of a plurality of such elements.

The invention can be implemented by means of hardware comprising several
distinct elements, and by means of a suitably programmed computer. In the device claim
enumerating several means, several of these means can be embodied by one and the same
item of hardware. The mere fact that certain measures are recited in mutually different
dependent claims does not indicate that a combination of these measures cannot be used to
advantage.




CLAIMS:

1. A method of secure reception of a message from a user, comprising
generating (401) an image (320) representing a plurality of input means (321) each
representing an input symbol that can be used in the message,
encoding (402) the image by, for each pixel in the image (320),

choosing (423, 427) a first pattern (P0) if the pixel is of a first color and a
portion of a key sequence represents a first value, or if the pixel is of a second color and the
portion represents a second value, and

choosing (424, 426) a second pattern (P1) if the pixel is of the second color
and the portion represents the first value, or if the pixel is of the first color and the portion

transmitting (403) for each pixel the pertinent chosen pattern to a device operable by the user,
receiving (404) a set of coordinates from the device, translating (405) the set of coordinates
to a particular input means represented on the image (320), and constructing (406) the
message from the user as the input symbol represented by the particular input means.

2. The method of claim 1, in which the first color is black, the second color is
white, the first value is '0' and the second value is '1'.

3. The method of claim 1, in which the message comprises an authentication
code.

4. The method of claim 1, in which the placement of the input means on the
image (320) is chosen in a random fashion.

5. A method of secure transmission of a message, comprising receiving a pattern
from a transmitting device (300), outputting on a first display (501) a graphical representation
of the pattern, outputting on a second display (311) a graphical representation of a first
pattern (P0) if a portion of a key sequence represents a first value, and outputting on the
second display (311) a graphical representation of a second pattern (P1) if said portion
represents a second value, receiving input representing a set of coordinates from a user, and
transmitting the set of coordinates to the transmitting device (300).

6. The method of claim 5, in which the input is received as pressure on a
particular spot of the first display (501), the set of coordinates corresponding to the particular
spot.

7 A oUettt device (3 01) allowing secure transmission of a t 

^dvingme3ns(502)forreceivmgapattemfromatransmittiBgdevi^ 

p^a3rn:di.i:y(3n)saita...^ 

S(311)beingaxrangedforontp^gagrapMcalrepresent^^^ 

apartioaafll.ekeyseciuencerepxesent3afi«tvdue,andforoutp^a^^^^ 

tZe«tationofaBecondpattem(Pl)ifsaidpo.ti^^ 
(502) for transmitting the set of coordinates to the transmitting device (300).

8. The client device (301) of claim 7, in which the second display (311) is
embodied as a unit (310) physically separate from the first display (501), and provided with
the memory (312) for storing the key sequence.

A computer program product arranged for causing a processor to execute the
method of claim 1.

method of claim 5.
ABSTRACT:



AniBtod<rfsec«ietBiismim<marf«oeptioaofamessagsfi^ 
i„ag,(,20)xc,«»e»li.«aptolity»ftap^-a»i.gen«.tedand^^ 

paiticviLai 'uspiA ineans. 



Fig. 5A-C